CODEWITHSUNDEEP
amazon-web-servicesamazon-ec2aws-lambdaamazon-sagemaker
Phoenix
Phoenix

Reputation: 399

Hiding Secret Keys in SageMaker (Environment Variables?)

I used to hide connection credentials in environmental variables (.bash_profile). Recently working with SageMaker, I tried a similar process with the terminal available in SageMaker but I am getting the following error, 

NameError: name 'DB_USER' is not defined

Is there any efficient way to hide the credentials in SageMaker?

Upvotes: 4

Views: 4178

Answers (2)

velociraptor11
velociraptor11

Reputation: 604

Extending on Olivier's answers, you could provide your Sagemaker endpoint with the proper roles in the deployment code like so

role = 'arn:aws:iam::xxxxxxxxxx:role/service-role/AmazonSageMaker-ExecutionRole-xxxxxxxxxx:role'

sagemaker_model = MXNetModel(model_data = 's3://' + bucket + '/model/model.tar.gz',
                             role = role, 
                             entry_point = 'entry_point.py',
                             py_version='py3',
                             framework_version='1.4.1',
                             sagemaker_session = sagemaker_session)

Just remember to provide the necessary permissions in the Role you provided

Upvotes: 1

Olivier Cruchant
Olivier Cruchant

Reputation: 4037

the recommended way to handle secret storage within AWS is AWS Secrets Manager. Secrets Manager stores secret in a secured fashion as a key-value pair. The key benefit is that it allows you to administer access to those secrets via IAM roles and permission abstractions, and retrieve them with the SDK of your choice, such as boto3 for example. Secrets Manager is actually also used by Amazon SageMaker for git credential storage in the case of third-party git integrations

Upvotes: 8

Related Questions